IBM Tivoli and Cisco 사용자 설명서

다운로드
페이지 516
26
 
Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
2.2  Definition of a Network Admission Control project
Objectives of a Network Admission Control solution must be carefully planned 
because the result of having a large number of workstations quarantined may be 
more disruptive to the business than a particular virus attack.
Planning the Network Admission Control is an organizational challenge for most 
enterprises as it requires close cooperation among different groups of people in 
different roles, typically not closely related:
򐂰
Security officers responsible for the formal audit and compliance process
򐂰
Network administrators responsible for configuration of network devices
򐂰
Administrators responsible for everyday PC configuration and maintenance
It is essential to follow these steps in the implementation of the IBM Tivoli 
Security Compliance Manager and Cisco Network Admission Control:
򐂰
Creation of the policies to meet the business requirements and needs
򐂰
Building the policies on the compliance server
򐂰
Deploying the clients with the required software and initial policy
򐂰
Defining and implementing the remediation process
򐂰
Preparing the network infrastructure
򐂰
Turning on the security compliance enforcement
2.2.1  Phased rollout approach
Enforced Network Admission Control solutions are new to the industry and are 
not yet widely adopted so the phased approach to rollout is highly recommended.
In the first phase the most vulnerable network segments should be selected. 
These networks can be selected based on network topology knowledge or on the 
statistics from threat monitoring software. 
NAC planning and deployment may be combined with the process of deploying 
wireless networks, along with IEEE 802.1x authentication.